Commit Graph

1430 Commits

Author SHA1 Message Date
David Mc Ken
4f177407dd Update github urls. 2022-12-08 13:13:05 -04:00
David Mc Ken
45e05f9487 Minor formatting updates. 2022-12-08 13:10:44 -04:00
David Mc Ken
0bdd09b3f1 Update links. 2022-12-08 13:06:00 -04:00
David Mc Ken
6babb1cd03 Update links. 2022-12-08 13:03:15 -04:00
David Mc Ken
3e9fc1f8fc Minor update to header. 2022-12-08 13:00:00 -04:00
David Mc Ken
88b7331db1 Fix missing extensions. 2022-12-08 12:34:31 -04:00
David Mc Ken
2c7c75b3a6 Update DynDNS2.md to features sub-folder. 2022-12-08 12:32:32 -04:00
David Mc Ken
7df3f03362 Move web server config to separate folder. 2022-12-08 12:29:50 -04:00
David Mc Ken
4584b2aa24 Move and fix links for install guides. 2022-12-08 12:26:00 -04:00
David Mc Ken
370aad4dfa Github seems to require the extension. 2022-12-08 12:22:57 -04:00
David Mc Ken
305e529cfe Fix header and update preparation links. 2022-12-08 12:21:45 -04:00
David Mc Ken
d259a6494e Move preparation guides to sub-folder. 2022-12-08 12:20:40 -04:00
David Mc Ken
5f750d1bb8 Move Home.md to README.md 2022-12-08 12:17:08 -04:00
Matt Scott
f6bca2c999
Merge pull request #1298 from PowerDNS-Admin/1297-move-project-wiki-into-files
Added current wiki content to project files.
2022-12-08 10:54:41 -05:00
Matt Scott
3cdf2b6b7c Added current wiki content to project files for ongoing maintenance. Existing wiki will be updated with a link reference to the wiki files. 2022-12-08 10:52:02 -05:00
Will Rouesnel
25ebbf132c
Fix handling of passwords with % in the SQLALCHEMY_DATABASE_URI
Fix Flask-Migrate ValueError from occurring when a password has '%'
characters in it when specified via SQLALCHEMY_DATABASE_URI.
2022-11-04 11:59:59 +11:00
jbe-dw
f6289d140c
Merge pull request #1272 from PowerDNS-Admin/api-doc
Update API.md
2022-10-14 16:03:43 +02:00
jbe-dw
d88da0fde3
Update API.md 2022-10-14 15:33:33 +02:00
WhatshallIbreaktoday
d25a22272e allow null/None JSON data
This change permits to proxy pdns zone notify api requests (which are expected to be with empty body)
2022-10-12 08:10:35 +02:00
jbe-dw
f8048bf6aa
Merge pull request #1255 from corubba/bugfix/api-order
fix: deletes shall come first in api payload (#1251)
2022-09-23 09:20:41 +02:00
corubba
cb835978df Fix order of operations in api payload
PDNS checks that when a `CNAME` rrset is created that no other rrset of
the same name but a different rtype exists. When changing a record type
to `CNAME`, PDA will send two operations in one api call to PDNS: A
deletion of the old rrset, and the addition of the new rrset. For the
check in PDNS to pass, the deletion needs to happen before the addition.
Before PR #1201 that was the case, the first api call did deletions and
the second handled additions and changes. Currently the api payload
contains additions first and deletions last. PDNS applies these in the
order they are passed in the payload to the api, so to restore the
original/correct/working behaviour the order of operations in the api
payload has to be reversed.

fixes #1251
2022-09-23 00:19:22 +02:00
Pascal de Bruijn
846c03f154 models/user.py: add non-zero valid_window to totp.verify
PyOTP's totp.verify defaults to the valid_window of zero, which means
it will reject valid codes, if submitted just past the 30 sec window.
It also means, users will run into authentication issues very quickly
if their phones time-sync isn't perfect.

Therefore valid_window should at the very least be 1 or more, settting
it higher trades security for robustness, especially with regard to
time desync issues.
2022-09-07 14:23:34 +02:00
Pascal de Bruijn
41a3995865 routes/index.py: otp_force shouldn't apply to OAuth
as 2FA policies are typically enforced on the OAuth proviers end

Relates to #1051
2022-09-06 16:28:45 +02:00
Pascal de Bruijn
4fd1b10018 models/user.py: properly guard plain_text_password property
Resolves the following issue, which occurs with force_otp enabled
and OAuth authentication sources:

File "/srv/powerdnsadmin/powerdnsadmin/models/user.py", line 481, in update_profile
  "utf-8") if self.plain_text_password else user.password
AttributeError: 'User' object has no attribute 'plain_text_password'
2022-09-06 15:31:43 +02:00
Pascal de Bruijn
9bf74a6baf admin_edit_key: default to User role for new api keys
hopefully this will prevent accidental administator api keys from being created
2022-09-06 15:25:28 +02:00
Phil Jaenke
5f304ee29a
Update to python-ldap 3.4.2
Minor version bump. This is necessary to resolve build issues on Alpine 3.16+ without impacts for any other distributions.
2022-08-22 20:40:17 -04:00
Vasileios Markopoulos
204c996c81
Merge pull request #1221 from corubba/bugfix/changelog-hyphen
Fix rrset changelog for names with hyphen
2022-07-01 15:52:44 +03:00
AdvanticGmbH
3c68b611c6
Update powerdnsadmin/routes/admin.py
Looks good to me

Co-authored-by: Corubba <97832352+corubba@users.noreply.github.com>
2022-06-29 08:56:01 +02:00
AdvanticGmbH
cfab13824d Add history entries for association changes of domains 2022-06-28 11:19:00 +02:00
AdvanticGmbH
6a2ba1b1c3 Add list to manage with an account associated domains 2022-06-28 11:18:53 +02:00
jbe-dw
e6f6f9cea4
Update Javascript libraries (#1213)
This PR includes all dependabot patches and replace jsmin (abandoned) with rjsmin
2022-06-24 23:23:56 +02:00
dependabot[bot]
e7fbc7af37
Bump shell-quote from 1.6.1 to 1.7.3
Bumps [shell-quote](https://github.com/substack/node-shell-quote) from 1.6.1 to 1.7.3.
- [Release notes](https://github.com/substack/node-shell-quote/releases)
- [Changelog](https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md)
- [Commits](https://github.com/substack/node-shell-quote/compare/1.6.1...1.7.3)

---
updated-dependencies:
- dependency-name: shell-quote
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 23:03:12 +02:00
Jérôme BECOT
41642fcea4
fix: Update JS minifier library 2022-06-24 23:03:01 +02:00
dependabot[bot]
18150eea34
Bump moment from 2.22.2 to 2.29.2
Bumps [moment](https://github.com/moment/moment) from 2.22.2 to 2.29.2.
- [Release notes](https://github.com/moment/moment/releases)
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/moment/moment/compare/2.22.2...2.29.2)

---
updated-dependencies:
- dependency-name: moment
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 23:03:01 +02:00
dependabot[bot]
34be227381
Bump cached-path-relative from 1.0.2 to 1.1.0
Bumps [cached-path-relative](https://github.com/ashaffer/cached-path-relative) from 1.0.2 to 1.1.0.
- [Release notes](https://github.com/ashaffer/cached-path-relative/releases)
- [Commits](https://github.com/ashaffer/cached-path-relative/commits)

---
updated-dependencies:
- dependency-name: cached-path-relative
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 23:03:00 +02:00
dependabot[bot]
289faa5019
Bump jquery-ui from 1.12.1 to 1.13.0
Bumps [jquery-ui](https://github.com/jquery/jquery-ui) from 1.12.1 to 1.13.0.
- [Release notes](https://github.com/jquery/jquery-ui/releases)
- [Commits](https://github.com/jquery/jquery-ui/compare/1.12.1...1.13.0)

---
updated-dependencies:
- dependency-name: jquery-ui
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 23:03:00 +02:00
dependabot[bot]
a88f4a66c6
Bump path-parse from 1.0.5 to 1.0.7
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.5 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 23:02:56 +02:00
jbe-dw
6908f1d209
Allow new domains to be absolute (#1227)
author: corubba
2022-06-24 23:00:33 +02:00
corubba
5036619a67 Allow new domains to be absolute
Allow the new domain name to be input absolute (with a dot at the end).
To keep the rest of the logic working as-is, remove it fairly early in
the function.

Would have loved to use `str.removesuffix()` but that's python v3.9+.
2022-06-23 22:31:00 +02:00
corubba
9890ddfa64 Fix rrset changelog for names with hyphen
When clicking the changelog button for a record with the name
`foo-bar.example.org`, the url you get redirected to is
`/domain/example.org/changelog/foo-bar.example.org.-A`. Because of the
non-greedy behaviour of the path converter, the last part gets split at
the *first* hyphen, so the example above gets wrongly dissected into
`record_name=foo` and `record_type=bar.example.org.-A`. This results
for obvious reasons in an empty changelog.

As described in rfc5395 [0], types have to be alphanumerical, so its
converter is changed from path to string.

The hyphen is one of the few characters recommended by rfc1035 [1],
so it is a bad choice as separator. The separator is instead changed to
a slash.
Granted, this does not entirely solve the issue but at least makes it a
lot less likely to happen. Plus, a lot more and other things break in
pda with slashes in names.

[0] https://datatracker.ietf.org/doc/html/rfc5395#section-3.1
[1] https://datatracker.ietf.org/doc/html/rfc1035#section-2.3.1
2022-06-19 12:16:40 +02:00
jbe-dw
dac232147e
enh: Cookies security (#1211)
author: corruba
2022-06-18 22:51:47 +02:00
jbe-dw
35cbc59016
enh: Update zone using a single api call (#1201)
author: corruba
2022-06-18 22:50:33 +02:00
corubba
3a8ad7c444 Remove OFFLINE_MODE config option 2022-06-18 19:11:16 +02:00
corubba
b809308d31 Add LDAP user images 2022-06-18 19:11:16 +02:00
corubba
607caa1a2d Rework user image handling
Moved all the logic out of the template into a separate endpoint. This
makes it easy to extend to also support images from different sources
like LDAP/SAML/OIDC. Session-based caching is hard to do, so to allow
time-based caching in the browser, the url needs to be unique for every
user by using a query parameter.

Replaced the default/fallback user image with a new one. It is based on
the old one, but does not need css to be visible. And removed said css.

Gravatar has now its own setting named `gravatar_enabled`, which is
disabled by default.
2022-06-18 19:11:13 +02:00
corubba
b795f1eadf Use the doc search directly 2022-06-18 19:07:23 +02:00
corubba
fee26b84ba Remove IE8 polyfills
These old browsers are EOL since 2016 [0], let them finally rest in
peace.

This effectively reverts/replaces commit b8dee5d17056788c2dc9940d14308648e32186d8.

[0] https://web.archive.org/web/20160115070611/https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support
2022-06-18 19:07:23 +02:00
corubba
54b2c5918f Serve the IE8 polyfills from local 2022-06-18 19:07:23 +02:00
corubba
674704609b Always use local fonts 2022-06-18 19:07:23 +02:00
corubba
af902f24a2 Update using only one api call
Starting with the very first commit, the update was always done with
two api calls: one for DELETE and one for REPLACE. It is however
perfectly valid and save to do both at once, which makes it atomic, so
no need for the rollback. Plus it only updates the serial once.
There is no point in sending the full RRset data when deleting it, the
key attributes to identify it are enough. This also make the behaviour
consistent with the api docs [0] where it says "MUST NOT be included
when changetype is set to DELETE."

[0] https://doc.powerdns.com/authoritative/http-api/zone.html#rrset
2022-06-18 18:58:39 +02:00